DEPRECATED

IMPORTANT NOTE: This page is deprecated, updated documentation can be found here

Broadcom bcm43xx

As of 2.6.17, a driver for the Broadcom bcm43xx wireless chipset has been included in the kernel. Older kernels can sometimes be made to work, check out resources available here While this driver natively supports monitor mode, it requires patching before packet injection can be done. After testing aireplay-ng with the patches, please contribute to the forum thread by reporting any successes or failures there.

Note: As of 2.6.24, this driver is considered deprecated, and you might be better off using the new b43 driver instead. (B43 supports the fragmentation attack, and it's much more stable than bcm43xx.)

Is My Card Supported?

Most broadcom cards are supported EXCEPT the following:

PCI ID 14e4:4315

Wireless-N

To determine the PCI ID of your wireless device under linux, enter:

lspci -nn

Alternate Patch

There is a patch by SuD which dramatically improves the injection speed:

Known problems

There is a problem in the bcm43xx driver when injecting packets using DMA access. I'll try to compile the mod without DMA and see what happens asap. I'll also make another patch soon that waits till the send buffer is empty before resuming after an error occurred. Now it just waits a second before resuming at a lower rate.

packets per second is adjusted to around 25 pps

Same problem as above, there is a problem with injection and DMA access.

syslog shows a lot of failed assertions (!ring→suspended).

ASSERTION FAILED (!ring→suspended) at: drivers/net/wireless/bcm43xx/bcm43xx_dma.c:71:request_slot(). Again, a problem with DMA. Aireplay tries to write a packet, the driver wants a free DMA slot for that and can't because the DMA slots were all taken (the driver blocks all dma requests then).

All these problems should be mitigated or fixed with the new patch!

Troubleshooting Tips

Confirm you are running the new module

First, double check that you are in fact running the new module:

modinfo bcm43xx

It will give you the fully qualified file name. Do “ls -l <fully qualified file name>” and confirm it has the date/time of when you compiled and installed the new module. If it does not match, then you are not running the patched module. This would, of course, need to be fixed.